Joachim Fasting
e6538caa48
nixos/tests: re-enable hardened test
...
Has been okay since 62623b60d5
2019-01-06 14:08:20 +01:00
Joachim Fasting
39c30a33c1
nixos/tests/hardened: test loading out-of-tree-modules
2019-01-06 13:19:28 +01:00
Frederik Rietdijk
e5381cdece
Merge master into staging-next
2019-01-06 09:36:23 +01:00
Jörg Thalheim
09fb07e4af
Merge pull request #52943 from ck3d/vdr-enableLirc
...
nixos vdr: introduce option enableLirc
2019-01-05 17:51:41 +01:00
Jörg Thalheim
8a2389e4a1
Merge pull request #53404 from Mic92/xsslock
...
nixos/xss-lock: specify a default locker
2019-01-05 16:44:29 +01:00
Jörg Thalheim
2614c8a6c5
nixos/xss-lock: specify a default locker
...
Having a default locker is less error-prone and more convenient.
Incorrect values might leave the machine vulnerable since there is no
fallback.
2019-01-05 16:42:30 +01:00
Vladimír Čunát
d84a33d85b
Merge branch 'master' into staging-next
...
A few more rebuilds (~1k on x86_64-linux).
2019-01-05 15:02:04 +01:00
Joachim Fasting
167578163a
nixos/hardened profile: always enable pti
2019-01-05 14:07:39 +01:00
Joachim Fasting
3f1f443125
nixos/hardened profile: slab/slub hardening
...
slab_nomerge may reduce surface somewhat
slub_debug is used to enable additional sanity checks and "red zones" around
allocations to detect read/writes beyond the allocated area, as well as
poisoning to overwrite free'd data.
The cost is yet more memory fragmentation ...
2019-01-05 14:07:37 +01:00
Jörg Thalheim
9b2f0fbcdd
nixos/lirc: expose socket path via passthru
2019-01-05 13:22:39 +01:00
worldofpeace
21327795ce
nixos/version: add LOGO to /etc/os-release
2019-01-05 00:03:39 -05:00
Frederik Rietdijk
9618abe87c
Merge master into staging-next
2019-01-04 21:13:19 +01:00
Michael Weiss
65c953976c
Merge pull request #53138 from gnidorah/sway
...
nixos/sway: Improve the wrapper
2019-01-04 11:49:07 +01:00
Matthew Bauer
74312c7ef5
Merge pull request #52760 from akru/master
...
lib/make-ext4-fs: more efficient store maker
2019-01-03 15:07:27 -06:00
Jean-Philippe Braun
4f99f8d2cb
nixos/prometheus-bind-exporter: add module
2019-01-03 21:14:21 +01:00
Frederik Rietdijk
2da31b80bb
Merge master into staging-next
2019-01-03 20:07:35 +01:00
Silvan Mosberger
2b1c9fd8a7
Merge pull request #53301 from cdepillabout/remove-cpufreqgov-alias
...
nixos/cpufreq: Remove the alias to set the cpu frequency governor
2019-01-03 17:47:53 +01:00
(cdep)illabout
46ecec8239
nixos/cpufreq: Remove the alias to set the cpu frequency governor
...
This PR temporarily fixes the issue with PR 53041 as explained
here:
https://github.com/NixOS/nixpkgs/pull/53041#commitcomment-31825338
The alias `powerManagement.cpufreq.governor` to
`powerManagement.cpuFreqGovernor` has been removed.
2019-01-03 20:57:49 +09:00
Сухарик
a285cead44
nixos/display-managers: allow pure wayland sessions
2019-01-03 09:38:36 +03:00
Frederik Rietdijk
092e3b50a8
Merge master into staging-next
2019-01-02 21:08:27 +01:00
ajs124
325e314aae
sshd: Add restartTrigger for sshd_config
...
Co-Authored-By: Franz Pletz <fpletz@fnordicwalking.de>
2019-01-02 20:11:01 +01:00
Franz Pletz
0ea65cd96c
shairport-sync service: fix default arguments
2019-01-02 19:17:22 +01:00
(cdep)illabout
b0f10d2d53
cpufreq: add option for setting the cpu max and min frequencies
...
This adds a NixOS option for setting the CPU max and min frequencies
with `cpufreq`. The two options that have been added are:
- `powerManagement.cpufreq.max`
- `powerManagement.cpufreq.min`
It also adds an alias to the `powerManagement.cpuFreqGovernor` option as
`powerManagement.cpufreq.governor`. This updates the installer to use
the new option name. It also updates the manual with a note about
the new name.
2019-01-01 19:18:12 +09:00
gnidorah
d15425f816
nixos/sway: Improve the wrapper
...
Port a change by @primeos from sway-beta module to sway module.
https://github.com/NixOS/nixpkgs/pull/51316
2019-01-01 11:21:15 +03:00
Frederik Rietdijk
070290bda7
Merge master into staging-next
2018-12-31 12:00:36 +01:00
Frederik Rietdijk
c6e043d57c
Remove composableDerivation, closes #18763
2018-12-30 12:33:45 +00:00
Silvan Mosberger
45c073e4da
Merge pull request #52930 from Ekleog/low-prio-syspath
...
system-path: set implicitly installed packages to be low-priority
2018-12-30 00:29:59 +01:00
Silvan Mosberger
070254317e
Revert "nixos/ddclient: make RuntimeDirectory and configFile private"
2018-12-29 16:53:43 +01:00
adisbladis
0ff4d0a516
fish: 2.7.1 -> 3.0.0
2018-12-28 21:23:24 +00:00
Frederik Rietdijk
10afccf145
Merge staging-next into staging
2018-12-27 18:11:34 +01:00
Dmitry Kalinkin
3edd5cb227
Merge pull request #51294 from eadwu/nvidia_x11/legacy_390
...
nvidia: expose nvidia_x11_legacy390
2018-12-27 09:08:53 -05:00
Joachim Fasting
ea4f371627
nixos/security/misc: expose SMT control option
...
For the hardened profile disable symmetric multi threading. There seems to be
no *proven* method of exploiting cache sharing between threads on the same CPU
core, so this may be considered quite paranoid, considering the perf cost.
SMT can be controlled at runtime, however. This is in keeping with OpenBSD
defaults.
TODO: since SMT is left to be controlled at runtime, changing the option
definition should take effect on system activation. Write to
/sys/devices/system/cpu/smt/control
2018-12-27 15:00:49 +01:00
Joachim Fasting
e9761fa327
nixos/security/misc: expose l1tf mitigation option
...
For the hardened profile enable flushing whenever the hypervisor enters the
guest, but otherwise leave at kernel default (conditional flushing as of
writing).
2018-12-27 15:00:48 +01:00
Joachim Fasting
84fb8820db
nixos/security/misc: factor out protectKernelImage
...
Introduces the option security.protectKernelImage that is intended to control
various mitigations to protect the integrity of the running kernel
image (i.e., prevent replacing it without rebooting).
This makes sense as a dedicated module as it is otherwise somewhat difficult
to override for hardened profile users who want e.g., hibernation to work.
2018-12-27 15:00:47 +01:00
Joachim Fasting
9db84f6fcd
nixos/security/misc: use mkMerge for easier extension
2018-12-27 15:00:46 +01:00
Christian Kögler
987fdea1a8
nixos vdr: introduce option enableLirc
...
also introduce option socket for lirc, to have access to socket path
2018-12-26 22:59:06 +01:00
Léo Gaspard
fa98337a15
system-path: set implicitly installed packages to be low-priority
...
The aim is to minimize surprises: when the user explicitly installs a
package in their configuration, it should override any package
implicitly installed by NixOS.
2018-12-26 23:16:17 +09:00
Samuel Dionne-Riel
302d53df2b
nixos/sd-image-aarch64-new-kernel: Added to release
...
This, paired with the previous commit, ensures the channel won't be held
back from a kernel upgrade and a non-building sd image, while still
having a new-kernel variant available.
2018-12-26 11:03:32 +00:00
Samuel Dionne-Riel
207210660f
nixos/sd-image-aarch64: Configures it to use the default kernel
2018-12-26 11:03:32 +00:00
Frederik Rietdijk
e45ca47f14
Merge staging-next into staging
2018-12-26 09:30:32 +01:00
Dmitry Kalinkin
c7f26a34e8
Merge pull request #52896 from veprbl/pr/gmane_wo_net-snmp
...
treewide: Fix broken Gmane URLs
2018-12-25 22:55:03 -05:00
Craig Younkins
8b12b17df3
treewide: Fix broken Gmane URLs
2018-12-25 22:34:55 -05:00
worldofpeace
c1599d29d9
gcr: rename from gnome3.gcr
2018-12-25 20:14:28 -05:00
worldofpeace
3f6c81da4d
Merge pull request #52592 from worldofpeace/geoclue/correct-sysconf
...
geoclue2: correct sysconfdir
2018-12-25 19:03:22 -05:00
worldofpeace
c65edd687f
geoclue2: correct sysconfdir
2018-12-25 18:38:19 -05:00
Jan Tojnar
c45e9d0fac
Merge branch 'master' into staging
2018-12-25 17:03:57 +01:00
Alexander Krupenkin
2f0c495c31
lib/make-ext4-fs: more efficient store maker
2018-12-24 23:21:15 +03:00
Sander van der Burg
a27aa247c0
Merge pull request #50596 from svanderburg/mobile-updates
...
Mobile updates
2018-12-24 15:52:33 +01:00
Jan Tojnar
ef935fa101
Merge branch 'master' into staging
2018-12-24 15:02:29 +01:00
zimbatm
d06f798ce7
Merge pull request #51566 from adisbladis/google-oslogin
...
GCE OSLogin module: init
2018-12-24 14:11:49 +01:00
